Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sfiHhdYhzvcYoWCliyQDLw6p5Qc.roa
File:                     sfiHhdYhzvcYoWCliyQDLw6p5Qc.roa (raw, json)
Hash identifier:          M1ckFNEG6XZyrhQ2q2YjH41FTQlYa8fZFlDchpnUAOo=
Subject key identifier:   B1:F8:87:85:D6:21:CE:F7:18:A1:60:A5:8B:24:03:2F:0E:A9:E5:07
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188AFF195A45222761611A002A5B6114EFC
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sfiHhdYhzvcYoWCliyQDLw6p5Qc.roa
Signing time:             Mon 12 Jun 2023 14:10:25 +0000
ROA not before:           Mon 12 Jun 2023 14:10:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:af:f1:95:a4:52:22:76:16:11:a0:02:a5:b6:11:4e:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 12 14:10:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b1f88785d621cef718a160a58b24032f0ea9e507
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:67:4c:06:b2:ac:29:ee:a8:b5:44:9c:b6:51:
                    4d:cd:61:d9:fe:10:fc:78:7f:bb:8c:4a:ff:f5:25:
                    2f:f2:21:83:94:2c:64:b7:0c:3f:b7:54:0c:c5:4a:
                    24:9f:d9:31:bc:b1:09:ed:79:30:24:11:cc:59:35:
                    78:ef:b8:54:c7:71:96:1f:1a:e8:b2:a6:28:cb:b4:
                    19:f7:ed:c6:c9:81:b8:0e:e9:f6:54:b9:ce:38:1a:
                    ec:ef:59:8e:d6:46:7b:8a:df:66:7b:9a:4b:70:99:
                    87:0a:a7:58:b9:88:43:92:97:31:bb:00:58:3c:25:
                    55:80:8d:4f:d0:e1:26:b3:06:57:f2:3b:26:61:66:
                    37:d5:47:a6:13:06:7d:db:c8:ae:aa:29:3b:bb:af:
                    d9:ca:de:29:6f:b4:84:2b:2e:86:30:f5:04:05:e9:
                    7d:96:2a:d2:e3:75:ff:b5:3c:4a:4f:b7:58:4d:fe:
                    17:d0:84:bf:19:f8:ee:bc:72:17:0e:d0:95:3b:34:
                    a5:2d:17:74:9d:fc:99:55:81:a4:94:3e:4a:e3:00:
                    5e:d2:54:59:74:79:88:09:80:c4:1a:f5:29:ef:a4:
                    cf:7a:0b:66:bc:44:e7:4a:9d:4a:23:0b:ba:fe:29:
                    9f:6b:e2:28:e7:b4:a2:63:af:39:e4:09:6c:96:bf:
                    08:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:F8:87:85:D6:21:CE:F7:18:A1:60:A5:8B:24:03:2F:0E:A9:E5:07
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sfiHhdYhzvcYoWCliyQDLw6p5Qc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a4:1e:49:13:2b:0c:35:70:4c:7f:cc:ae:2b:fc:83:d3:6d:32:
         b1:e6:55:91:01:bc:5a:40:e4:48:36:61:a0:fe:6c:a1:10:e3:
         a3:13:51:36:8b:8a:5c:5b:75:b8:ce:e4:da:be:5b:e2:4d:4d:
         4b:ef:7a:2f:86:d9:1d:77:af:31:7b:9a:c8:d4:1a:88:69:d4:
         c9:1d:7e:ff:de:d4:46:79:3c:89:05:8b:d0:eb:48:00:52:44:
         ed:15:ed:8d:2f:08:1e:a0:e0:1d:69:07:3e:86:ad:46:06:d8:
         62:bf:55:96:f6:b8:c9:88:90:d9:f1:23:cd:c9:a2:42:fc:9d:
         3e:f6:22:e9:5e:ba:9c:9b:d4:fe:98:17:b9:e7:48:d2:69:f7:
         c9:6e:88:22:11:e4:59:75:a8:2f:ea:cd:1f:51:b6:84:24:f4:
         a3:ee:21:f9:be:13:40:a5:f1:ed:50:b5:9e:8e:b2:47:ca:de:
         2d:c8:34:bd:5e:4f:fd:bd:cd:7a:5a:76:f6:bc:3e:44:25:9d:
         3b:ef:e1:59:a0:71:20:0a:cb:ea:04:5e:c9:59:96:de:c8:66:
         d8:af:46:b6:0a:cb:0f:ae:0c:e5:af:7e:44:a7:6a:ac:2d:cb:
         07:a4:97:db:ff:f4:5d:fa:a8:9b:b5:f2:85:d2:48:50:bf:be:
         e3:d8:f1:61
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiv8ZWkUiJ2FhGgAqW2EU78MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjEyMTQxMDI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWY4ODc4NWQ2MjFjZWY3MThhMTYwYTU4YjI0MDMyZjBlYTllNTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2dMBrKsKe6otUSctlFNzWHZ/hD8
eH+7jEr/9SUv8iGDlCxktww/t1QMxUokn9kxvLEJ7XkwJBHMWTV477hUx3GWHxro
sqYoy7QZ9+3GyYG4Dun2VLnOOBrs71mO1kZ7it9me5pLcJmHCqdYuYhDkpcxuwBY
PCVVgI1P0OEmswZX8jsmYWY31UemEwZ928iuqik7u6/Zyt4pb7SEKy6GMPUEBel9
lirS43X/tTxKT7dYTf4X0IS/GfjuvHIXDtCVOzSlLRd0nfyZVYGklD5K4wBe0lRZ
dHmICYDEGvUp76TPegtmvETnSp1KIwu6/imfa+Io57SiY6855Alslr8IXQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLH4h4XWIc73GKFgpYskAy8OqeUHMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvc2ZpSGhkWWh6dmNZb1dDbGl5UURMdzZwNVFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKQeSRMrDDVwTH/Mriv8
g9NtMrHmVZEBvFpA5Eg2YaD+bKEQ46MTUTaLilxbdbjO5Nq+W+JNTUvvei+G2R13
rzF7msjUGohp1Mkdfv/e1EZ5PIkFi9DrSABSRO0V7Y0vCB6g4B1pBz6GrUYG2GK/
VZb2uMmIkNnxI83JokL8nT72Iuleupyb1P6YF7nnSNJp98luiCIR5Fl1qC/qzR9R
toQk9KPuIfm+E0Cl8e1QtZ6OskfK3i3INL1eT/29zXpadva8PkQlnTvv4VmgcSAK
y+oEXslZlt7IZtivRrYKyw+uDOWvfkSnaqwtywekl9v/9F36qJu18oXSSFC/vuPY
8WE=
-----END CERTIFICATE-----